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WHAT IS CLAIMED IS: 



1 LA computer-readable storage medium having data structures stored 

2 thereon or a computer-readable propagated signal having data structures, the data 

3 structures comprising: 

4 an access control group data structure to store access control group data; 

5 a user access data structure to store user access data wherein the user access data 

6 relates to at least one entry in the access control group data structure; and 

7 a data object access data structure to store data object access data wherein the data 

8 object access data relates to at least one entry in the access control group data structure. 

1 2. The medium or propagated signal of claim 1 wherein at least one entry in 

2 the access control group data includes a characteristic for use in determining at least one 

3 entry in the user access data structure that relates to the at least one entry in the access 

4 control group data structure. 

1 3. The medium or propagated signal of claim 1 wherein at least one entry in 

2 the access control group data structure includes a characteristic for use in determining at 

3 least one entry in the data object access data structure that relates to the at least one entry 

4 in the access control group data structure. 

1 4. The medium or propagated signal of claim 1 wherein at least one entry in 

2 the access control group data structure includes: 

3 a user characteristic for use in determining at least one entry in the user access 

4 data structure that relates to the at least one entry in the access control group data 

5 structure, and 

6 an object characteristic for use in determining at least one entry in the data object 

7 access data structure that relates to the at least one entry in the access control group data 

8 structure. 
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1 5. The medium or propagated signal of claim 1 wherein at least one entry in 

2 the access control group data structure includes an indication of an access control rule for 

3 use in determining: 

4 at least one entry in the user access data structure that relates to the at least one 

5 entry in the access control group data structure, and 

6 at least one entry in the data object data structure that relates to the at least one 

7 entry in the access control group data structure. 

1 6. The medium or propagated signal of claim 1 wherein at least one entry in 

2 the data object access data structure includes an indication of action that is permitted to 

3 be performed on a data object identified in the at least one entry in the data object access 

4 data structure. 

1 7. The medium or propagated signal of claim 1 wherein: 

2 at least one entry in the user access data structure includes an indication of action 

3 that is permitted to be performed by a user identified in the at least one entry in the user 

4 access data structure on a data object identified in the at least one entry in the data object 

5 access data structure such that the at least one entry in the data object access data 

6 structure relates to the at least one entry in the user access data structure. 



1 8. The medium or propagated signal of claim 1 further comprising an access 

2 rule data structure to store access control rule data wherein the access control rule data 

3 relates to at least one entry in the access control group data structure. 

1 9. The medium or propagated signal of claim 8 wherein at least one entry in 

2 the access rule data structure includes an indication of action that is permitted to be 

3 performed for at least one entry in the data object access data structure. 

1 10. The medium or propagated signal of claim 8 wherein at least one entry in 

2 the access rule data structure includes an indication of how to determine at least one entry 
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3 in the data object access data structure that relates to at least one entry in the access 

4 control group data structure. 

1 11. The medium or propagated signal of claim 8 wherein at least one entry in 

2 the access rule data structure includes an indication of how to determine at least one entry 

3 in the user access data structure that relates to at least one entry in the access control 

4 group data structure. 

1 12. The medium or propagated signal of claim 1 wherein each of the access 

2 control group data structure, the user access data structure, and the data object access data 

3 structure are each separately maintainable from each of the other data structures. 

1 13. The medium or propagated signal of claim 1 wherein each of the user 

2 access data structure and the data object access data structure are separately maintainable 

3 from the other data structure. 

1 14. The medium or propagated signal of claim 13 wherein a change in the user 

2 access data stored in the user access data structure does not necessitate a change in the 

3 data object access data stored in the data object access data structure to maintain desired 

4 control over access by particular users to particular data objects. 

1 15. The medium or propagated signal of claim 1 3 wherein a change in the data 

2 object access data stored in the data object access data structure does not necessitate a 

3 change in the user access data stored in the user access data structure to maintain desired 

4 control over access by particular users to particular data objects. 

1 16. A computer-readable storage medium having data structures stored 

2 thereon or a computer-readable propagated signal having data structures, the data 

3 structures comprising: 

4 an access control rule data structure to store access control rule data; and 
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5 a characteristic method data structure to store characteristic method data wherein 

6 the characteristic method data relates to at least one entry in the access control rule data 

7 structure. 

1 17. The medium or propagated signal of claim 1 6 further comprising a user 

2 data structure to store user data. 

1 18. The medium or propagated signal of claim 1 7 wherein at least one entry in 

2 the characteristic method data structure includes an indication of a method to determine a 

3 user characteristic associated with at least one entry in the user data structure. 

1 19. The medium or propagated signal of claim 18 wherein at least one entry in 

2 the access control rule data structure includes an indication of a criterion for use in 

3 eliminating at least one entry in the data object data structure when using the method to 

4 determine a user characteristic. 

1 20. The medium or propagated signal of claim 1 8 wherein at least one entry in 

2 the characteristic method data structure includes an indication of a criterion for use in 

3 eliminating at least one entry in the data object data structure when using the method to 

4 determine a user characteristic. 

1 21. The medium or propagated signal of claim 1 6 further comprising a data 

2 object data structure to store data object data. 

1 22. The medium or propagated signal of claim 21 wherein at least one entry in 

2 the characteristic method data structure includes an indication of a method to determine a 

3 data object characteristic associated with at least one entry in the data object data 

4 structure. 

1 23. The medium or propagated signal of claim 21 wherein at least one entry in 

2 the characteristic method data structure includes an indication of a criterion for use in 
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3 eliminating at least one entry in the data object data structure when using the method to 

4 determine a data object characteristic. 

1 24. The medium or propagated signal of claim 21 wherein at least one entry in 

2 the access control rule data structure includes an indication of a criterion for use in 

3 eliminating at least one entry in the data object data structure when using the method to 

4 determine a data object characteristic. 

1 25. An apparatus including a computer-readable storage medium having data 

2 structures stored thereon, the data structures comprising: 

3 an access control group data structure to store access control group data; 

4 a user access data structure to store user access data wherein the user access data 

5 relates to at least one entry in the access control group data structure; and 

6 a data object access data structure to store data object access data wherein the data 

7 object access data relates to at least one entry in the access control group data structure. 

1 26. An apparatus including a computer-readable storage medium having data 

2 structures stored thereon, the data structures comprising: 

3 an access control rule data structure to store access control rule data; and 

4 a characteristic method data structure to store characteristic method data wherein 

5 the characteristic method data relates to at least one entry in the access control rule data 

6 structure. 
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